B1

Transaction reporting was a key focus in MiFID I. Twelve firms were fined a total of £33m by the Financial Conduct Authority (FCA) and further fines were levied across the EU.1 With the greatly expanded rules under MiFID II, there are even more pitfalls. Our survey of ten EU regulators revealed that six of these are currently undertaking or planning supervisory activities on MiFID II transaction reporting, the FCA among them.2

At a July Transaction Reporting industry forum, the FCA reaffirmed that basic mistakes in transaction reporting are not acceptable. The FCA offers the industry a data extract functionality through which firms can request samples of the data they have submitted to the FCA for the purposes of carrying out end-to-end reconciliations. The FCA would like to see firms request more samples. Firms should undertake reviews as soon as possible to ensure compliance with MiFID II rules. In our experience, transaction reporting data quality issues are the visible symptom of deeper-rooted causes. It is essential for firms to identify the underlying causes and tackle them at source.

Our assessment of the five main causes of poor data quality:

  1. Poor change management: without an effective change management framework suitable for transaction reporting, there is a material risk of blind spots forming, which can adversely affect data quality. This can lead to under-reporting or misreporting due to changes (e.g. related to regulation, processes, infrastructure and technology, business models, trading activity, and people) not being reflected in the reporting‎. Solutions include having change policies that are tailored to each business and integrating transaction reporting change into wider enterprise change.
  2. Insufficient data governance: it is important to map out the transaction reporting data flow to avoid failures in identifying and managing effectively the various sources of data associated with the transaction reporting end-to-end process. This enables a firm to understand both data sources and system dependencies, which is essential when developing a data governance framework. Firms should consider assigning ownership per data source, along with a clear delineation of responsibilities, such as for maintaining accurate records of data audit trail (e.g. to meet requirements on quality reviews of historical data). Data governance can intrinsically enhance the effectiveness of change management.
  3. Lack of oversight / governance: transaction reporting monitoring could either exist as a standalone function or be apportioned and distributed across different business areas such as Operations, Risk and Compliance. A transaction reporting policy would typically determine and articulate the roles and responsibilities each area would have in the end-to-end process. The existence of a dedicated function tasked with the oversight of the reporting process is therefore crucial for timely detection, escalation and remediation of issues as they arise. Ancillary and periodic responsibilities could include, but not be limited to, collation and production of management information (MI) on transaction reporting risks and issues, representation at Risk Committee level, ownership and coordination of quality assurance exercises, such a data deep dives, thematic reviews and reconciliations, as well as corrective back-reporting.‎
  4. Inadequate data quality assurance: MiFID II stipulates that appropriate methods and arrangements should be in place to uphold data quality of new and historical transaction reports, in particular, related to completeness, accuracy and timeliness of submissions. Problems emerge where there is poor data understanding and appreciation. This is usually linked to lack of meaningful subject matter expertise to support data quality deep dives and thematic work. Solutions include systematic reviewing and testing of reporting rules and logic; conducting full end-to-end reconciliations of transaction reporting data samples; root cause analysis of issues; and exception handling.
  5. Lack of standardisation: lack of a formal incident management process supported by risk categorisation can lead to ad hoc documentation of incidents and a lack of centralised access and storage. This can in turn result in incorrect classification of issues resulting in failures in the escalation process. Solutions include the deployment of a risk framework to overlay the incident management process and determine the escalation protocol, as well as the development of key risk indicators against idiosyncratic business requirements.

What should firms do now?

  • Treat the cause, not the symptom. If firms have concerns, they should undertake a review of MiFID II transaction reporting compliance, focusing on the root causes of poor data quality.
  • Ensure there is a strong framework to govern the transaction reporting process. Effective governance and controls are essential so that as businesses evolve they ensure complete and accurate reporting on a continuous basis.
  • Ensure there is a clear MI strategy. MI should be produced in the context of the decision-making it is intended to support. It should account for the firm’s idiosyncrasies, business model and activities, as well as being accurate, relevant, consistent and timely in order to effectively enable senior management to make decisions and take action. MI sources could include, but not be limited to, the internal incident management log, the Approved Reporting Mechanism or FCA rejections (looking at error types). MI could include, but not be limited to, the total volume of reports over a pre-determined period (broken down by asset class or order management system); or the volume of incidents or breaches over a pre-determined period.
  • Ensure the major hotspots are covered. We expect areas of remedial focus to be on controls, governance, documentation, and completeness and accuracy of transaction reports.

__________________________________________________________________________________________________

1FCA Transaction reporting fines
2Cyprus Securities and Exchange Commission, French Autorité des Marchés Financiers, German Federal Financial Supervisory Authority, Central Bank of Ireland, Spain’s Comisión Nacional del Mercado de Valores, and the UK FCA. See our blog for further details.

 

Matt

Matt Ranson – Director, Risk Advisory

Matt has over ten years of financial services experience. As part of the Deloitte Risk Advisory team, he has led multiple engagements focusing on regulatory change and wider conduct. Prior to joining Deloitte, he was a derivatives trader focusing on European interest rate futures.

Email | LinkedIn

Chris

Christiana Chatzicharalampous – Senior Manager, Risk Advisory

Christiana Chatzicharalampous is a Senior Manager in Deloitte’s Financial Services Risk Advisory Practice and joined the firm in November 2016. Christiana leads the MiFID II Transaction Reporting proposition for Risk Advisory and in addition specialises in MiFID II post-trade transparency and governance. Prior to joining Deloitte, Christiana spent over 5 years at the Financial Conduct Authority, where she worked as a specialist supervisor in the Transaction Reporting space (MiFID I & II).

Email | LinkedIn

Rosaline

Rosalind Fergusson – Senior Manager, Centre for Regulatory Strategy

Rosalind works in the EMEA Centre for Regulatory Strategy, with a focus on capital markets regulation. She has twelve years of experience in financial services. Before joining Deloitte in January 2012, she worked in financial services policy at HM Treasury and also has experience in the asset management industry.

Email | LinkedIn

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.